If you integrate the Centrify agent with a software environment that has limited configuration options, a standard ldapsearch query might fail to return zone users and groups. If you encounter this issue, you can use a configuration parameter to automatically translate a standard search for Active Directory users and groups into a search query for zone users and groups.
You can set the ldapproxy.cdctranslate.fetchbydnuid parameter in the slapd.conf configuration file to true if you want a search for Active Directory users and groups to be automatically translated into a search for zone users and groups. The default is false. After changing the parameter setting, you should restart the centrify-ldapproxy service.
Note that the translation applies only if the ldapproxy.cdctranslate.fetchbydnuid parameter is set to true and the search request meets all of the following additional conditions:
- For the search base, the first part of the DN must be "uid=unixname"
- The search scope must be base (0)
- The search filter must be (objectClass=*)
For example, automatic translation is performed if you run a command similar to the following after changing the ldapproxy.cdctranslate.fetchbydnuid parameter to true and restarting the centrify-ldapproxy service:
ldapsearch -x -D "cn=zoe,OU=ajax,dc=pistolas,dc=org" -w password -h localhost "(objectClass=*)" -b "uid=zoe,OU=ajax,dc=pistolas,dc=org" -s base
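When a search still returns no zone users after the parameter is enabled, it helps to check the request against the three conditions before looking at the proxy itself. The following is an added example, not Centrify code: the function names are hypothetical, the sample requests are constructed from the command above, and it assumes attribute names compare case-insensitively as in standard LDAP (the page does not say whether the proxy is stricter).

```shell
#!/bin/sh
# Added example: pre-flight check of an ldapsearch request against the three
# translation conditions. Function names are hypothetical, not Centrify's.

# Lowercase a string (LDAP attribute names are case-insensitive).
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# check_translate BASE SCOPE [FILTER]
# Prints one line per unmet condition; returns 0 only if all three are met.
check_translate() {
    base=$(lower "$1" | sed 's/^[[:space:]]*//')
    scope=$(lower "$2")
    # ldapsearch falls back to (objectClass=*) when no filter is given.
    filter=$(lower "${3:-(objectClass=*)}" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
    rc=0

    # Condition 1: the first part of the search base DN is uid=<unixname>.
    case $base in
        uid=|uid=,*) echo "base: uid value is empty"; rc=1 ;;
        uid=*)       ;;
        *)           echo "base: first RDN is not uid=<unixname>"; rc=1 ;;
    esac

    # Condition 2: the scope is base (protocol value 0), not one/sub.
    case $scope in
        base|0) ;;
        *)      echo "scope: '$2' is not base (0)"; rc=1 ;;
    esac

    # Condition 3: the filter is exactly the objectClass presence filter.
    if [ "$filter" != "(objectclass=*)" ]; then
        echo "filter: '$3' is not (objectClass=*)"; rc=1
    fi
    return $rc
}

# Constructed sample requests: the first mirrors the command on this page.
check_translate "uid=zoe,OU=ajax,dc=pistolas,dc=org" base "(objectClass=*)" \
    && echo "request qualifies for translation"
check_translate "cn=zoe,OU=ajax,dc=pistolas,dc=org" sub "(uid=zoe)" \
    || echo "request does not qualify for translation"
```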